External HDD Shortcut Virus Help!

Hey everyone.

I don't know if this is the best category for the problem I'm having, but here it goes.

My problem:
I have a 1TB external hard drive that seems to have a virus on it. This virus has made every folder and every file that's not in a folder a shortcut. When I click a folder or file that's turned into a shortcut, it takes me to my documents instead, so I can't access any of my files at all.

What I've done so far:
I've already run a complete Malwarebytes scan, and I've run other virus scans, but I've had no luck finding this virus so far.

What I can't do:
Please don't tell me to just move my files onto another hard drive and format my hard drive. I just simply don't have another hard drive that's even close to the same size as my 1TB external, so I just can't do that. I realize it would be the best way to get rid of the virus, but I can't do it.
Reply to Anonymous
  1. Hello,

    Here are a couple URLs that discuss an ext drive virus that converts files to shortcuts, including a Symantec discussion

    http://www.symantec.com/business/support/index?page=content&id=TECH104447

    and a MS community one

    http://answers.microsoft.com/en-us/windows/forum/windows_7-files/files-on-external-drive-have-changed-to-shortcuts/695db4cc-645f-4bd1-85c7-41671457fe11
    Reply to John_VanKirk
  2. John_VanKirk said:
    Hello,

    Here are a couple URLs that discuss an ext drive virus that converts files to shortcuts, including a Symantec discussion

    http://www.symantec.com/business/support/index?page=content&id=TECH104447

    and a MS community one

    http://answers.microsoft.com/en-us/windows/forum/windows_7-files/files-on-external-drive-have-changed-to-shortcuts/695db4cc-645f-4bd1-85c7-41671457fe11


    Okay, so what I'm getting from both those links is that there's an .inf file (or some kind of file) somewhere on my hard drive that's changing all of the folders into icons.

    So, what I just did was I went into the folder options to allow me to see absolutely everything that's on my hard drive (even hidden folders, files, etc) and found that all of my folders and files are hidden. I can access all of my folders and files with no problem now, except that I can only see them when I have everything showing and if I've enabled showing hidden folders, files, etc.

    I right-clicked one of the shortcuts, and looked at where its target location is, and it's somewhere in System32. When I open its target location, it takes me to System32, and the file in System32 that it highlights is cmd.exe.

    EDIT: I just discovered that when I go into the security tab to change permissions and access and such, I can't change permissions on any of my files. When I try and change permissions, or when I try and remove group or users name, it gives me a Windows Security message saying "You can't remove X (X being the name of the account or group) because this object is inheriting permissions from its parent. To remove X, you must prevent this object from inheriting permissions, and then try removing X" What the heck does that message mean???
    Reply to Anonymous
  3. run this program Unhide.exe this will restore the files hidden by the virus.

    http://www.bleepingcomputer.com/forums/topic405109.html
    this is a description of some of the common tweaks this family of viruses creates.
    Reply to the great randini
  4. the great randini said:
    run this program Unhide.exe this will restore the files hidden by the virus.

    http://www.bleepingcomputer.com/forums/topic405109.html
    this is a description of some of the common tweaks this family of viruses creates.


    What will happen to the shortcuts?
    Reply to Anonymous
  5. Are you SURE that Unhide.exe won't delete my files? Can anyone else confirm if Unhide.exe is legitimate?
    Reply to Anonymous
  6. Have never used unhide.exe, so can't give you any 1st hand advice.

    The usage instructions at BleepingComputer Review says:
    Usage Instructions:
    Quote:
    To run Unhide, simply download it to your desktop and then double-click on the Unhide icon. The program will open a black box and start making the files on your fixed disks visible again. Please note, that this program will not unhide removable drives like flash cards and usb drives as the FakeHDD rogues do not target these types of drives. Once it has finished, the program will display a Windows alert stating that your files have been restored. You should then reboot your computer for all of the settings to go into effect.


    I think your drive is a USB connected drive, so that needs further clarification.
    Reply to John_VanKirk
  7. John_VanKirk said:
    Have never used unhide.exe, so can't give you any 1st hand advice.

    The usage instructions at BleepingComputer Review says:
    Usage Instructions:
    Quote:
    To run Unhide, simply download it to your desktop and then double-click on the Unhide icon. The program will open a black box and start making the files on your fixed disks visible again. Please note, that this program will not unhide removable drives like flash cards and usb drives as the FakeHDD rogues do not target these types of drives. Once it has finished, the program will display a Windows alert stating that your files have been restored. You should then reboot your computer for all of the settings to go into effect.


    I think your drive is a USB connected drive, so that needs further clarification.


    Sorry I didn't clarify. Yes, it's a USB external hard drive.
    Reply to Anonymous
  8. download antimalwarebyte http://dl.dropbox.com/u/18134289/Zyzoom_MBAM_1.51.2.1300.exe
    run it in safe mode
    perform full scan including usb drive
    after scan is finished remove threats
    restart
    Reply to profkefah
  9. IMHO, Windows's autorun feature is a security nightmare. I always disable autorun for every storage device. To do this, I use 0xFF as the value of the NoDriveTypeAutoRun registry entry.

    How to disable the Autorun functionality in Windows:
    http://support.microsoft.com/kb/967715

    I also like to disable Auto Insert Notification, eg ...

    http://support.microsoft.com/kb/138598

    Could you post the contents of the AUTORUN.INF file? You can view it with a text editor such as NotePad.
    Reply to fzabkar
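
Added example, not part of the thread: a PowerShell check of the NoDriveTypeAutoRun policy mentioned in the post above, decoding which drive types the current value covers. The bit meanings follow Microsoft's description of this value in KB967715; the variable names are this example's own.

```powershell
# Bits of NoDriveTypeAutoRun and the drive type each one disables AutoRun for.
$driveTypes = @(
    @{ Bit = 0x01; Name = 'Unknown type' },
    @{ Bit = 0x04; Name = 'Removable drives' },
    @{ Bit = 0x08; Name = 'Fixed drives' },
    @{ Bit = 0x10; Name = 'Network drives' },
    @{ Bit = 0x20; Name = 'CD-ROM drives' },
    @{ Bit = 0x40; Name = 'RAM disks' },
    @{ Bit = 0x80; Name = 'Unknown type (0x80)' }
)

$policyKey = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'

# The value can be set per machine (HKLM) or per user (HKCU); report both.
foreach ($hive in 'HKLM:', 'HKCU:') {
    $path = '{0}\{1}' -f $hive, $policyKey
    $prop = Get-ItemProperty -Path $path -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue

    if ($null -eq $prop) {
        '{0}: NoDriveTypeAutoRun is not set' -f $path
        continue
    }

    $value = [int]$prop.NoDriveTypeAutoRun
    '{0}: NoDriveTypeAutoRun = 0x{1:X2}' -f $path, $value

    foreach ($t in $driveTypes) {
        $state = if ($value -band $t.Bit) { 'AutoRun disabled' } else { 'AutoRun still enabled' }
        '    {0,-22} {1}' -f $t.Name, $state
    }
}

# To apply the 0xFF value from the post (elevated prompt required for HKLM):
# Set-ItemProperty -Path "HKLM:\$policyKey" -Name NoDriveTypeAutoRun -Value 0xFF -Type DWord
```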
  10. fzabkar said:
    IMHO, Windows's autorun feature is a security nightmare. I always disable autorun for every storage device. To do this, I use 0xFF as the value of the NoDriveTypeAutoRun registry entry.

    How to disable the Autorun functionality in Windows:
    http://support.microsoft.com/kb/967715

    I also like to disable Auto Insert Notification, eg ...

    http://support.microsoft.com/kb/138598

    Could you post the contents of the AUTORUN.INF file? You can view it with a text editor such as NotePad.


    I've already deleted every autorun file in my hard drive (that's not linked to a program I know of)
    Reply to Anonymous
  11. CMD.EXE is the command interpreter for the NT class of OSes (similar to command.com). Running the command without arguments should just bring up a DOS window and do nothing more.

    Is CMD.EXE the original Microsoft file, and does the shortcut have any arguments, eg ...

    cmd.exe /c malware.exe

    ... where "malware.exe" is the payload.

    You could upload cmd.exe for offline scanning to http://www.virustotal.com/ where it will be scanned by ~40 antivirus software.
    Reply to fzabkar
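
Added example, not part of the thread: one way to answer the question above (does the shortcut carry arguments?) for every shortcut in the drive root at once, without double-clicking any of them. The drive letter E:\ and the -Unhide switch are assumptions of this example.

```powershell
param(
    [string]$DriveRoot = 'E:\',   # assumption: letter of the affected external drive
    [switch]$Unhide               # optional: clear Hidden/System on the matching real items
)

$shell = New-Object -ComObject WScript.Shell

$report = Get-ChildItem -LiteralPath $DriveRoot -Filter *.lnk -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        # CreateShortcut on an existing .lnk only loads it; nothing is saved or launched.
        $lnk = $shell.CreateShortcut($_.FullName)

        # "Photos.lnk" stands in for "Photos"; look for a hidden item with that name.
        $real = Get-Item -LiteralPath (Join-Path $DriveRoot $_.BaseName) -Force -ErrorAction SilentlyContinue

        [pscustomobject]@{
            Shortcut   = $_.Name
            Target     = $lnk.TargetPath
            Arguments  = $lnk.Arguments      # what cmd.exe would be told to run
            RunsCmd    = [bool]($lnk.TargetPath -match '\\cmd\.exe$')
            HiddenItem = if ($real) { $real.FullName } else { $null }
            Attributes = if ($real) { $real.Attributes } else { $null }
        }
    }

$report | Format-List

if ($Unhide) {
    # Clear only the Hidden and System flags; file contents and other attributes are untouched.
    $mask = [int]([IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System)
    foreach ($row in $report | Where-Object HiddenItem) {
        $item = Get-Item -LiteralPath $row.HiddenItem -Force
        $item.Attributes = [IO.FileAttributes]([int]$item.Attributes -band (-bnot $mask))
    }
}
```

Run it first without -Unhide and read the Arguments column; any file it names is what a scanner should be pointed at before the shortcuts are deleted.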
  12. Hello firinmylazerman try this solution here http://www.techchore.com/flashdrive-shortcut-virus-and-two-2-methods-to-get-rid-of-it/. It will guide you on how to remove shortcut virus from your external hdd, help you unhide your important files and folders. Then, it will also teach you on how to prevent that shortcut virus... I hope this helps....
    Reply to techguy2001